The Android system uses the certificate as a means of identifying the author of an application and establishing trust relationships between applications. The certificate is not used to control which applications the user can install. The certificate does not need to be signed by a certificate authority: it is perfectly allowable, and typical, for Android applications to use self-signed certificates.
(4) Now, Fire following command.
signapk.jar certificate.pem key.pk8 "oldapkname.apk" "newapkname.apk"
(5) And you can see new signed apk file will be created with 25 years of validity.
Let me know if you have any other questions.